Oracle9iAS: Basic Administration

Student Guide Volume 1

D12204GC20 Production 2.0 October 2002 D37338

Author
Heike Hundt

Copyright Oracle Corporation, 2002. All rights reserved. This documentation contains proprietary information of Oracle Corporation. It is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright law. Reverse engineering of the software is prohibited. If this documentation is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable: Restricted Rights Legend Use, duplication or disclosure by the Government is subject to restrictions for commercial computer software and shall be deemed to be Restricted Rights software under Federal law, as set forth in subparagraph (c)(1)(ii) of DFARS 252.227-7013, Rights in Technical Data and Computer Software (October 1988). This material or any portion of it may not be copied in any form or by any means without the express prior written permission of Oracle Corporation. Any other copying is a violation of copyright law and may result in civil and/or criminal penalties. If this documentation is delivered to a U.S. Government Agency not within the Department of Defense, then it is delivered with Restricted Rights, as defined in FAR 52.227-14, Rights in Data-General, including Alternate III (June 1987). The information in this document is subject to change without notice. If you find any problems in the documentation, please report them in writing to Education Products, Oracle Corporation, 500 Oracle Parkway, Box SB-6, Redwood Shores, CA 94065. Oracle Corporation does not warrant that this document is error-free. All references to Oracle and Oracle products are trademarks or registered trademarks of Oracle Corporation. All other products or company names are used for identification purposes only, and may be trademarks of their respective owners.

Technical Contributors and Reviewers

Ashesh Parekh Beth Roeser Christine Chan Greg Gagnon Holger Dindler-Rasmussen Jeremy Lizt Jesse Anton Jim Garm John Watson Ken Morse Larry Frazier Linda Klein Mark Pare Monica Motley Pavana Jain Priya Darshane Russ Lowenthal Taj-Ul Islam Tor-Ivar Hals Val Kane

Publisher
Hamsa Venkatachalam

Contents
Preface
1 Introduction Course Objectives 1-2 Agenda Features and Basics 1-4 Oracle HTTP Server Lessons 1-5 OC4J Lessons 1-6 Oracle9iAS Web Cache and Infrastructure 1-7 Security 1-8 Web Fundamentals 1-9 Evolution of Web Servers 1-10 URL Components 1-11 Hypertext Transfer Protocol 1-12 The GET and POST HTTP Methods 1-13 Communication Flow 1-14 Additional Information 1-16 2 Oracle9iAS Key Features Objectives 2-2 Oracle9i Application Server: Overview 2-3 J2EE, Web Services, and Internet Applications 2-4 Oracle HTTP Server 2-5 J2EE Key Features 2-6 Oracle9iAS Quick Tour 2-7 Oracle9iAS Key Features 2-8 Running Web Sites and Applications 2-9 Creating Personalized Portals 2-10 Create Personalized Portals 2-11 Oracle9iAS Portal Key Features 2-12 Wireless-Enabled Portals 2-13 Wireless-Enabled Applications 2-14 Integrating Users, Applications, and Businesses 2-15 Provide Business Intelligence for the Web 2-16 Oracle9iAS Clickstream Intelligence 2-17 Oracle9iAS Discoverer 2-18 Extracting Business Intelligence 2-19 Oracle9iAS Reports Services 2-20 Oracle9iAS Web Cache 2-21 Accelerating Performance 2-22 Accelerate Performance with Caching 2-23 Web Cache Key Features 2-24 Distributed Content Delivery 2-25 Managing and Securing the Web Infrastructure 2-26 Oracle Internet Directory and Security 2-28 Oracle9iAS Web Services 2-29 Summary 2-30
i

3 Oracle9iAS Architecture and Installation Options Objectives 3-2 Oracle9i Application Server Services 3-3 Three-Tier Computing Model 3-4 Oracle9iAS Complete 3-5 Oracle9iAS Product Components 3-6 First Choice of Installation Options 3-7 Oracle9iAS Installation Types 3-8 Oracle9iAS Topology 3-9 Installation Conditions 3-10 Oracle9i Application Server Components 3-11 J2EE and Web Cache Installation 3-12 Oracle9iAS Installations Requiring Oracle9iAS Metadata Repository 3-14 Oracle9iAS Infrastructure 3-15 Oracle9iAS Developer Kits 3-17 Deployment Topologies 3-18 Using Oracle9iAS Infrastructure 3-19 Oracle9iAS and Infrastructure 3-20 Oracle9iAS Request Flows 3-21 Oracle9iAS Web Cache Architecture 3-22 Oracle9iAS Wireless 3-23 Mobile Portal 3-24 Oracle9iAS Portal 3-25 Oracle9iAS Reports Services 3-26 Oracle9iAS Forms Services 3-28 Oracle9iAS Discoverer 3-30 Oracle9iAS Clickstream Intelligence 3-31 Oracle9iAS Personalization 3-32 Oracle Internet Directory 3-33 Oracle Enterprise Manager and Oracle9iAS 3-34 Oracle Advanced Security (ASO) 3-35 Summary 3-36 4 Installing Oracle9iAS Objectives 4-2 Hardware Requirements for UNIX 4-3 Hardware Requirements for Windows NT/2000 4-4 Memory Requirements 4-5 Additional Requirements 4-6 Software Requirements for Windows NT/2000 4-7 Installation Overview 4-8

ii

Preinstallation Tasks: Environment Variables Host Name File 4-10 Preinstallation: UNIX Accounts and Groups 4-12 Starting the Installation 4-14 Oracle Universal Installer 4-15 Inventory Location Window 4-16 File Locations Window 4-17 Available Products Installation Window 4-18 Required Information During Installation 4-19 Oracle9iAS Installation Types 4-20 Component Configuration Window 4-21 Oracle9iAS Infrastructure Use Window 4-22 Create Instance Name and ias_admin Password Window 4-23 Create Instance Name Window 4-24 Existing Oracle Internet Directory 4-25 Existing Oracle9iAS Single Sign-On Window 4-26 Summary Window 4-27 End of Installation Window 4-28 Infrastructure Installation 4-29 Component Configuration Window 4-30 Existing Oracle9iAS Infrastructure 4-32 Database Character Set Window 4-33 Postinstallation Tasks 4-34 Oracle9iAS Welcome Page 4-36 Summary 4-37 5 Managing Oracle9iAS Objectives 5-2 Overview 5-3 Oracle9iAS Management Overview 5-4 Oracle Enterprise Manager Web Site 5-5 Getting Started with the OEM Web Site 5-6 Oracle Enterprise Manager Homepages 5-7 Oracle9iAS Farm Home Page 5-8 Oracle9iAS Instance Home Page 5-9 Starting, Stopping, and Restarting Oracle9iAS Instances 5-10 Starting, Stopping, and Restarting Components 5-11 Obtaining Common Metrics about Oracle9iAS 5-12 Obtaining Information about the Host Computer 5-13 Oracle9iAS Host Home Page 5-14 Oracle9iAS Component Homepages 5-15 OEM Console 5-16 The Enterprise Manager Three-Tier Framework 5-17 Console and OEM Web Site 5-18

iii

OEM Web Site Command Line Utility emctl 5-19 Oracle Enterprise Manager Web Site 5-20 Oracle Process Management and Notification System (OPMN) 5-21 Distributed Configuration Management (DCM) 5-22 Dcmctl 5-23 dcmctl Start and Stop 5-24 Using dcmctl for Management Purposes 5-25 Using dcmctl in Batch Mode 5-26 Using dcmctl for Backup and Restore 5-27 Typical Start-up Sequence 5-28 Typical Shutdown Sequence 5-29 Summary 5-30 6 Managing the Oracle HTTP Server Objectives 6-2 Overview 6-3 Directory Structure 6-4 Oracle HTTP Server Configuration Files 6-5 Starting, Stopping, and Restarting the HTTP Server 6-7 Starting, Stopping, and Restarting the HTTP Server Manually 6-8 Oracle9iAS Welcome Page 6-9 Oracle9iAS Demo Page 6-10 Oracle HTTP Server Modules 6-11 httpd.conf Configuration File Organization 6-13 Configuring the Oracle HTTP Server 6-14 Setting Server and Administrator Functions 6-15 Specifying File Locations 6-17 HTTP Server Processing Mode 6-19 Limiting the Number of Processes and Connections 6-20 Specifying Listener Ports and Addresses 6-22 Configuring and Using Server Logs 6-24 Using the LogLevel Directive 6-26 Specifying Log Formats 6-27 Resetting Log Files 6-28 Oracle HTTP Server Homepage 6-29 Modifying General Server Properties 6-30 Specifying a Listener Port 6-31 Changing Error Log Properties 6-32 Adding an Access Log File 6-33 Managing Client Requests and Connection Handling 6-34 Advanced Server Properties 6-35 Editing Server Configuration Files 6-36 Getting the Server Status 6-37 Monitoring the Oracle HTTP Server 6-38 Summary 6-39

iv

7 Configuring the Oracle HTTP Server Advanced Features Objectives 7-2 Configuration Contexts 7-3 Block Directives 7-5 Container Directives 7-6 Container Directives: <Directory> 7-7 <Files> and <Location> Directives 7-8 <VirtualHost> Directive 7-10 Directives with Only Local Scope 7-11 Where Directives Can Go 7-12 How the Oracle HTTP Server Combines Containers and Their Contents 7-14 Context Merging and Inheritance 7-15 Controlling Allowed Features 7-16 Options Parameters 7-17 Using Options 7-19 Enabling Server-Side Includes (SSI) 7-20 Overriding Directives with the Per-Directory Configuration 7-21 Directory Indexing 7-23 DirectoryIndex 7-24 Controlling Directory Listings with IndexIgnore 7-25 Error and Response Handling 7-26 Expires 7-28 Alias, AliasMatch and ScriptAlias 7-29 Defining Virtual Hosts 7-30 Using IP-based Virtual Hosts 7-32 Using Name-based Virtual Hosts 7-33 Using Virtual Hosts 7-34 Virtual Host Examples for Common Setups 7-35 Configuring Virtual Hosts Using OEM 7-38 Summary 7-39 8 Managing PL/SQL, CGI, and Perl Applications Objectives 8-2 Overview 8-3 The mod_plsql Module 8-4 Communication Flow: The Path of HTTP Requests 8-6 Enabling a PL/SQL Application 8-7 mod_plsql Configuration Files 8-8 plsql.conf 8-9 dads.conf 8-10 Configuring mod_plsql 8-11 Obtaining Information about mod_plsql 8-13 Configuring DADs Using dads.conf 8-14 DAD Creation Wizard 8-15 Invoking a PL/SQL Application 8-16 Invoking a PL/SQL Application Example 1 8-17 Invoking a PL/SQL Application Example 2 8-18 Preventing the Execution of PL/SQL Procedures 8-19 How To Use PlsqlExclusionList 8-20

cache.conf 8-21 Troubleshooting 8-23 PL/SQL Server Pages (PSPs) 8-24 Introducing the mod_cgi Module 8-25 Enabling CGI Scripts and Improving Security 8-26 Working with CGI 8-27 The mod_fastcgi Module 8-28 Benefits of FastCGI 8-29 Enabling the FastCGI Server 8-30 Overview of the mod_perl Module 8-31 Controlling Dynamic Content and Security 8-32 Summary 8-33 9 Introduction to Java 2, Enterprise Edition (J2EE) Objectives 9-2 What Is J2EE? 9-3 J2EE Applications 9-4 Archives 9-5 JARs 9-6 EJB JARs 9-7 WARs 9-8 EARs 9-9 Application Directory Structures - EAR 9-10 J2EE Roles 9-11 Java Bean Developer Roles 9-16 Summary 9-18 10 Configuring OC4J Objectives 10-2 OC4J Architecture 10-3 mod_oc4j 10-4 Definitions and Terminology 10-5 Oracle9iAS Terminology 10-6 OC4J Configuration Basics 10-8 OC4J Configuration Files 10-11 1. Oracle HTTP Server Configuration Files 10-12 OHS: Sample mod_oc4j.conf File 10-13 2. The OC4J Server Configuration Files 10-15 Sample server.xml File 10-16 Sample default-web-site.xml File 10-17 3. Application Configuration Files 10-18 J2EE-Standard Application Configuration Files 10-19 OC4J-Specific Application Configuration Files 10-20 OC4J Application Directory Structure 10-21 J2EE Application Archive Structure 10-22

vi

OC4J Management Options 10-23 OEM Web Site: OC4J Homepage 10-24 Stopping and Restarting OC4J Instances Manually 10-25 Help and Error Commands 10-26 Application Deployment 10-27 Deployment Scenarios 10-28 1. Deploying a Simple Servlet 10-29 2. Deploying JSPs 10-30 3. Deploying Web Application Modules Using OEM Web Site 10-31 3. Deploying Web Application Modules Using dcmctl 10-32 Summary 10-33 11 Deploying Java Applications with OC4J Objectives 11-2 Databases and J2EE 11-3 J2EE Architecture 11-4 Data Sources and the Deployer Role 11-5 JNDI Mappings 11-6 Data Source Definition 11-7 Obtaining Data Source Information from OC4J Homepage 11-8 Sample data-sources.xml File 11-9 Using Additional Data Sources 11-10 Creating a Data Source General 11-11 Creating a Data Source JNDI Locations 11-12 Creating a Data Source Connection Attributes, Properties 11-13 Enterprise JavaBeans (EJB) 11-14 EJB Structure 11-15 EJB and OC4J 11-16 EJB Module 11-17 Specifying CMP Data Source 11-18 Binding EJBs to Existing Tables 11-19 Performance Enhancements 11-20 Deploying J2EE Applications Using OEM 11-21 Deploying J2EE Applications Using dcmctl 11-25 Server Actions at Deployment 11-26 Accessing the Bean from an EJB Client 11-27 Summary 11-29

vii

12 Deploying Web Services Objectives 12-2 Overview 12-3 Definition of Web Services 12-4 What Are Web Services? 12-5 Web Services Standards 12-6 Why Use Web Services? 12-8 Web Services Communication Flow 12-9 Oracle9iAS Web Services Architecture 12-11 Simple Object Access Protocol (SOAP) 12-13 SOAP Message: Overview 12-14 SOAP Example 12-15 SOAP Request Handler 12-16 Obtaining UDDI Registry Information 12-17 Invoking Oracle9iAS Web Services 12-18 Deploying and Managing Web Services 12-19 Web Services Architecture 12-20 Packaging and Deployment Options 12-21 Example: Stateless Java Web Service 12-22 Summary 12-25 13 Introducing Oracle9iAS Web Cache Objectives 13-2 Benefits of Oracle9iAS Web Cache 13-3 Oracle9iAS Web Cache 13-4 What is Oracle9iAS Web Cache? 13-5 Oracle9iAS Web Cache Architecture 13-6 How Does Oracle9iAS Web Cache Work? 13-7 Features of Oracle9iAS Web Cache 13-8 Oracle9iAS Web Cache Concepts 13-12 Expiration Policies 13-14 HTTP Invalidation Messages 13-15 Performance Assurance and Surge Protection 13-17 Caching Dynamic and Partial Pages 13-18 Initial Setup and Configuration Overview 13-20 Directory Structure 13-22 Oracle9iAS Web Cache Homepage 13-23 Oracle9iAS Web Cache Manager 13-24

ix

Starting and Stopping Oracle9iAS Web Cache 13-26 Configuration Files 13-29 Restarting Oracle9iAS Web Cache: Troubleshooting 13-30 Modifying Security Settings 13-31 Modifying or Creating Apology Pages 13-33 Specifying Origin Server Settings 13-35 Configuring Site Definitions 13-37 Configuring Site to Server Mapping 13-39 Specifying Additional Listening Ports 13-41 Changing Operations Ports 13-42 Summary 13-43 14 Using and Managing Oracle9iAS Web Cache Objectives 14-2 Flow Overview for Cache Misses 14-3 Cacheability Rules: Overview 14-4 Predefined Cacheability Rules 14-5 Regular Expressions 14-6 Cacheability Rules 14-7 Creating Cacheability Rules 14-8 Edit Cacheability Rules 14-10 Defining Expiration Rules 14-12 Basic Content Invalidation 14-13 Advanced Content Invalidation 14-14 Rules for Multiple-Version Documents Containing Cookies 14-15 Rules for Multiple-Version Documents 14-16 In-Cache Personalized Pages 14-17 Session Tracking 14-18 Configuring Rules for Pages with Session Tracking 14-19 Create a Session Definition 14-20 Session-Encoded URLs 14-21 Content Compression 14-22 Partial Page Caching With ESI 14-23 Simple Personalization With ESI 14-25 Enabling Partial Page Caching 14-26 Example Portal Site Implementation 14-27 Administering Oracle9iAS Web Cache 14-29 Performance Monitoring 14-31 Web Cache Statistics 14-33 Application Web Server Statistics 14-34 Logging: Access Log 14-35 Configuring Access Logs 14-37 Logging: Event Logs 14-38 Analysis: Common Return Codes 14-39 Oracle9iAS Web Cache Deployment 14-40 Web Cache and Firewalls 14-41 Summary 14-42
x

15 Managing the Oracle9iAS Infrastructure Objectives 15-2 Overview 15-3 Oracle9iAS Infrastructure Installation Type 15-4 Oracle9iAS Infrastructure Components 15-5 Oracle9iAS Installation Infrastructure 15-6 Benefits of the Infrastructure 15-7 Oracle9iAS Typical Deployment 15-8 Oracle9iAS Common Deployment 15-9 Oracle9iAS: Other Deployment Scenario 15-10 Infrastructure and SSO Service 15-11 Separation of SSO and OID 15-12 Infrastructure and SSO Service 15-13 Infrastructure and J2EE Clustering 15-14 Starting and Stopping Infrastructure 15-15 Starting Infrastructure 15-16 Stopping Infrastructure 15-18 Managing the Infrastructure Instance 15-20 Managing the Metadata Repository 15-21 Changing Metadata Repository Passwords 15-23 Backing Up and Restoring an Infrastructure 15-24 Configuring the Management Server 15-25 Summary 15-26 16 Introducing Oracle9iAS Clustering Concepts Objectives 16-2 Overview 16-3 Oracle9iAS Terminology 16-4 Oracle9iAS Farms 16-5 Oracle9iAS Instances 16-6 Architecture of an Oracle9iAS Instance 16-7 Overview of Oracle9iAS Clusters 16-8 Oracle9iAS Clustering Architecture 16-9 Architecture of an Oracle9iAS Cluster 16-10 Managing the Application Server with Common Failure Scenarios 16-11 A Node Within a Cluster Goes Down 16-12 OPMN Goes Down 16-13 An Oracle HTTP Server Goes Down 16-15 An OC4J Process Goes Down 16-16 Deploying a J2EE Application to a Cluster 16-17 Joining a New Instance to a Cluster 16-18 Clustered Deployment Within Firewalls 16-19 Clustered Deployment Across DMZ 16-20 Creating a Cluster using OEM 16-21 Adding an Instance 16-22 Summary 16-23
xi

17 Managing Security Objectives 17-2 Security Risks in an Internet Environment 17-3 Addressing the Security Challenges 17-5 Oracle9iAS Security Architecture 17-6 Application Server Security 17-8 Oracle9iAS Java Authentication and Authorization Service 17-10 Networking Security Terms 17-11 Firewalls with Bastion Hosts 17-12 Switched Connection DMZ Hosts 17-14 Basic Guidelines 17-15 Complex Switched Configuration 17-17 Process Development and Deployment 17-18 Securing the Oracle HTTP Server Itself 17-20 Oracle HTTP Server Security Modules 17-22 Host-Based Access Control 17-23 User Authentication 17-27 Authentication Configuration Requirements 17-29 Using Authentication Directives in .htaccess 17-30 Basic Authentication 17-31 The htpasswd Utility 17-32 Anonymous Authentication 17-33 Combining User- and Host-Based Authentication 17-35 Summary 17-36 18 Securing the Oracle HTTP Server with Secure Sockets Layer (SSL) Objectives 18-2 Overview 18-3 Establishing Secure Web Sessions 18-4 How Digital IDs Work 18-5 Symmetric Cryptography 18-6 Public Key Cryptography 18-7 Digital Ids 18-8 How Digital Signatures Work 18-9 How To Use Digital Signatures 18-10 How Digital Signatures Work for SSL 18-11 How SSL Works 18-12 Using SSL with Basic Authentication 18-14 SSL and Oracle HTTP Server 18-15 Unsupported mod_ssl Directives 18-16 Using mod_ossl Directives 18-17 Basic SSL Configuration 18-18 SSL Configuration 18-19 Migration of Existing Certificates 18-20

xii

Using ssl2ossl 18-21 Using iasobf 18-22 Oracle Wallet Manager 18-23 Creating a New Wallet 18-24 Creating a Certificate Request 18-25 Exporting a Certificate Request 18-26 Getting a Signed Certificate 18-27 Oracle HTTP Server with SSL Enabled 18-29 Testing SSL 18-30 Advanced SSL Configuration 18-31 Using SSL Environment Variables 18-32 Client Certification 18-33 Summary 18-34 19 Introducing Oracle9iAS Single Sign-On Objectives 19-2 What is Oracle9iAS Single Sign-On? 19-3 Oracle9iAS Single Sign-On 19-4 Application Types 19-5 Authentication and Authorization Without Single Sign-On 19-6 Authentication and Authorization to Partner Applications 19-7 Authentication to External Applications First Access 19-8 Authentication to External Applications Subsequent Access 19-9 Enabling Authentication Using mod_osso.conf 19-10 Configuring the Oracle HTTP Server for Single Sign-On 19-11 SSO Login Page 19-12 SSO Administration Page 19-13 Editing SSO Server Credentials 19-14 Administering Users With the Delegated Administration Service (DAS) 19-15 Creating New Users 19-16 Editing Existing Users 19-17 Self Service Administration 19-18 Monitoring the Single Sign-On Server 19-19 Enabling the SSO Server for SSL 19-21 Summary 19-23

xiii

20 Introducing Oracle Internet Directory Objectives 20-2 Overview 20-3 What is a Directory? 20-4 Databases Versus Directories 20-5 Common Directory Applications 20-7 Lightweight Directory Access Protocol (LDAP) 20-8 LDAP Components 20-9 Oracle Internet Directory (OID) 20-10 OID Architectural Overview 20-11 OID Node Architecture 20-12 OID Server Instance Architecture 20-14 How OID Works 20-15 Benefits of OID 20-17 Oracle Directory Manager 20-18 Managing an Oracle Internet Directory Using OID Homepage 20-19 Starting Oracle Directory Manager 20-20 Connecting to a Directory Server 20-21 Oracle Directory Manager Connect Dialog Box 20-22 Navigating Oracle Directory Manager 20-25 Oracle Directory Manager Menu Bar 20-27 Oracle Directory Manager Toolbar 20-28 Connecting to Additional Directory Servers 20-29 Disconnecting from a Directory Server 20-30 Summary 20-31 Appendix A Practices Appendix B Solutions

xiv